NULL pointer dereference in iccDEV - CVE-2026-21506
Published: May 5, 2026
iccDEV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccProfileXml::ParseBasic() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted ICC color profile.